<?php
/****************************************************************************** 
 * Copyright 1991-2011 by Quantum, Inc.  All rights reserved.
 * No part of this work may be reproduced or transmitted in any
 * form or by any means, electronic or mechanical, including
 * photocopying and recording, or by any information storage
 * or retrieval system, except as may be expressly permitted by
 * the 17 U.S.C. section 101, et. seq., or in writing by
 * ADIC, Inc.
 *******************************************************************************/

session_start();
$user = $_SESSION['user'];
$signedCertFile="/tmp/signedCertFile.pem";
$primaryKeyFile="/home/embedded/library/HTTPService/certs/userPrimaryKey.pem";

include('common_admin_inc.htm');

// Define errors
define('NOT_PEM_CERTIFICATE',4113);
define('CERTIFICATE_VALIDATION_FAILED',4114);
define('CERT_KEY_MISMATCH',4115);

$cert_type_to_name = array(
   0 => "Root", 
   1 => "Client", 
   2 => "Admin", 
   3 => "Bundle", 
   4 => "Client", 
   5 => "Client Private Key", 
   6 => "Admin", 
   7 => "Admin Private Key", 
   8 => "Root", 
   9 => "Client");

class certificate
{
   var $startD;
   var $endDate;
   var $certFile;
   
   function certificate($certificateFile)
   {
      $this->certFile = $certificateFile;
   }
   
   function ispemfile()
   {
      $status=false;
      $cmd="/usr/bin/openssl x509 -in ".$this->certFile." -text -noout >>/tmp/results";
      exec($cmd,$results,$rc);
      if ($rc == 0)
      {
         $status=true;
      }
      else
      {
         error_log("results: ".print_r($results,true));
      }
      return $status;
   }
   
   function getDate($type)
   {
      $date = ''; 
  
      // option = -startdate or -enddate
      $dateOption = '-' . $type . 'date'; 
      $cmd = " /usr/bin/openssl x509 -noout -in " . $this->certFile . " $dateOption";
      $str = exec($cmd, $da, $rc); 
      if ($rc == 0)
      {
         // expected format:  
   	 //		notBefore=Apr 19 13:51:18 2011 GMT
  
         $tokens = explode('=', $str); 
   	 if (count($tokens) > 1)
   	 {
   	    $date = $tokens[1];
         } 
      }
      return $date; 
   }
   
   function isValid($key)
   {
      $error=0;
   
      // check whether pem file is valid
      $cmd="/home/embedded/library/AppManager/bin/sslcertvalidate.sh ".$this->certFile;
      exec($cmd,$results,$rc);
      error_log("results: ".print_r($results,true));
      if ($results[0] == "Valid")
      {
         error_log("Certificate file date ranges are valid.");
         // verify the certificate matches the primary key
         $kMod=exec("/usr/bin/openssl rsa -noout -in ".$key." -modulus | /usr/bin/openssl md5");      
         $cMod=exec("/usr/bin/openssl x509 -noout -in ".$this->certFile." -modulus | /usr/bin/openssl md5");      
         if ($cMod == $kMod)
         {
            error_log("Certificate matches Primary key.");
         } 
         else
         {
            error_log("Certificate does not match Primary key.");
            $error=CERT_KEY_MISMATCH;
         }
      }
      else 
      {
         error_log("Certificate file dates are ".$results[0]);
         $error=CERTIFICATE_VALIDATION_FAILED;
      }
      
      return $error;
      
   }
   
   function containsPrimaryKey()
   {
      $status=false;
      //verify that the primary key is in the file
      $cmd="/usr/bin/openssl rsa -noout -in ".$this->certFile." -modulus"; 
      exec($cmd,$results,$rc);
      if ($rc == 0)
      {
         $kMod=exec("/usr/bin/openssl rsa -noout -in ".$this->certFile." -modulus | /usr/bin/openssl md5");      
         $cMod=exec("/usr/bin/openssl x509 -noout -in ".$this->certFile." -modulus | /usr/bin/openssl md5");      
         if ($cMod == $kMod)
         {
            error_log("Certificate matches Primary key.");
            $status=true;
         } 
         else
         {
            error_log("The certificate and primary key in the file do not match.");
         }
      }
      else
      {
          error_log("Certificate file does not contain primary key.");
      }
      return $status;     
   }
   
}

class sslCertInfo
{
     var $issuer;
     var $subject;
     var $notBefore;
     var $notAfter;
     var $status;
     var $type;
     function sslCertInfo($issuer,
                          $subject,
                          $notBefore,
                          $notAfter,
                          $status,
                          $type)
     {
         $this->issuer = $issuer;
         $this->subject = $subject;
         $this->notBefore = $notBefore;
         $this->notAfter = $notAfter;
         $this->status = $status;
         $this->type = $type;
     }
}

function updateSystemSSLCertificate($cert,$key)
{
    if ( $key == "") 
    {
       error_log("Uploading signed certificate and private key pair.");
       $cmd="/usr/bin/cp ".$cert." /tmp/ssl.pem";
       exec($cmd,$results,$rc);
    }
    else
    {
       error_log("Appending signed certificate to private key.");
       $cmd="/usr/bin/cp ".$key." /tmp/ssl.pem";
       exec($cmd,$results,$rc);
       $cmd="/bin/cat ".$cert." >>/tmp/ssl.pem";
       exec($cmd,$results,$rc);
       //remove the primary key file
       $cmd="sudo /bin/mv ".$key." /tmp";
       error_log("Move command: ".$cmd);
       exec($cmd,$esults,$rc);
    }
    error_log("Moving new ssl.pem file to /home/embedded/library/HTTPService/certs.");
    $cmd="/bin/chmod 440 /tmp/ssl.pem";
    exec($cmd,$results,$rc);
    // udpate lighttpd ssl file
    $cmd="sudo /bin/mv /tmp/ssl.pem /home/embedded/library/HTTPService/certs/ssl.pem";
    exec($cmd,$results,$rc);
}

function print_ssl_cert_info($info)
{
   error_log("info data: ".print_r($info,true));
   if ($info->status == "Valid")
      $status = "<font color=green><b>Valid</b></font>";
   else
      $status = "<font color=red><b>Expired</b></font>";
                     
   // Highlight the tags in the Issuer and Subject
   $old = array("C:", "ST:", "L:", "O:", "OU:", "CN:");
   $new = array("<b>C:</b>", "<b>ST:</b>", "<b>L:</b>", "<b>O:</b>", "<b>OU:</b>", "<b>CN:</b>");
   $Issuer = str_replace($old, $new, $info->issuer);
   $Subject = str_replace($old, $new, $info->subject);
?>
   <tr>
       <td align=center class="boxThin"><?=$info->type?></td>
       <td align=center class="boxThin" nowrap><?=$info->notBefore?><br><?=$info->notAfter?></td>
       <td align=center class="boxThin" nowrap><?=$status?></td>
       <td align=center class="boxThin" nowrap>
       <table border=0 width=100% cellspacing=0 cellpadding=0>
          <tr>
             <td align=left width=50><b>Issuer:</b>&nbsp;</td><td align=left><?=$Issuer?></td>
          </tr>
          <tr>
             <td align=left width=50><b>Subject:</b>&nbsp;</td><td align=left><?=$Subject?></td>
          </tr>
       </table>
       </td>
   </tr>
<?
}
                
//
// generate system ssl certificate info
//

$CertInfo=shell_exec("openssl x509 -in /home/embedded/library/HTTPService/certs/ssl.pem -issuer -subject -dates -noout");
error_log("Cert Info: ".print_r($CertInfo,true));
$tokens = explode("\n", $CertInfo,4);
$data=array();
$tmpCertInfo=array();
for ($i=0;$i<count($tokens);$i++)
{
   $data=explode("=",$tokens[$i],2);
   $tmpdata=str_replace("/"," ",$data[1]);
   $tmpdata=str_replace("=",":",$tmpdata);
   $tmpCertInfo[$data[0]]=$tmpdata;
}
$status=`/home/embedded/library/AppManager/bin/sslcertvalidate.sh /home/embedded/library/HTTPService/certs/ssl.pem`;
$systemCertInfo=new sslCertInfo($tmpCertInfo['issuer'],$tmpCertInfo['subject'],$tmpCertInfo['notBefore'],$tmpCertInfo['notAfter'],$status,"Identity");
            

if ($_SERVER[REQUEST_METHOD] == "POST")
{
    error_log($_FILES." _FILES = ". print_r($_FILES, true) );    
    error_log($_SERVER['REQUEST_URI']." POST = ". print_r($_POST, true) );    

    $operationInProgress = true;
    $status = new ReturnStatus();
    $status->context = "sslCertImport";

    // move the file
    $tmpname=$_FILES['certFile']['tmp_name'];
    $cmd="/bin/mv ".$tmpname." ".$signedCertFile;
    exec($cmd,$results,$rc);
    
    $signedCertificate=new certificate($signedCertFile);
    if ($signedCertificate->ispemfile())
    {
        error_log("A pem file has been uploaded.");
        if (file_exists($primaryKeyFile))
        {
           //Validate that the signed certificate matches primary key
           $rc=$signedCertificate->isValid($primaryKeyFile);
           if ($rc == 0)
           {
              error_log("PEM file is valid.");
              //update ssl.pem file with new primary key and certificate
              updateSystemSSLCertificate($signedCertFile,$primaryKeyFile);
           }
           else
           {
              //check to see if there is a primary key in the certificate file
              if ($signedCertificate->containsPrimaryKey())
              {
                 updateSystemSSLCertificate($signedCertFile,"");
              }
              else
              {
                 error_log("PEM file failed validation.");
                 $status->setErrorCode($rc); //Certificate Error
              }
           }
        }
        else
        {
           //check to see if there is a primary key in the certificate file
           if ($signedCertificate->containsPrimaryKey())
           {
              updateSystemSSLCertificate($signedCertFile,"");
           }
           else
           {
              error_log("PEM file failed validation.");
              $status->setErrorCode(CERTIFICATE_VALIDATION_FAILED); //Certificate Error
           }
        }
    }
    else
    {
        error_log("Uploaded file is not a pem file.");
        $status->setErrorCode(NOT_PEM_CERTIFICATE); //Not a pem file
    }

    print $status->out();
    return;

}
else
{
    error_log("Loading ssl certificate import page.");
}
?>

<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Tools - SSL Communication Certificate Import</title> <link rel=stylesheet
type="text/css" href="css/style.css">
<script type='text/javascript' src='js/common.js'></script>
<script type='text/javascript' src='js/ekm.js'></script>
<script type="text/javascript" src="js/loading.js"></script>
<script type="text/javascript" src="js/IOB.js"></script>
<script type="text/javascript">

var ekm_ssl = <?=$ekm_ssl?1:0?>;
var contextPath="";
var launchProgressWindowDo="progressWindowIndex.htm";
var progressWindowDo="progressWindow.htm";

function applyChanges()
{
    ret = true; 
    if( ret )
    {
        var noFiles = false;
        var goForIt = true;

        if( document.forms.CertInForm.certFile.value == "" )
        {
            alert("You must select a certificate file to import.");
        }
        else
        {
            alert("Successfully uploaded certificates will not be in effect until after a library restart.");
            openProgressWindow('Importing SSL Communication Certificate.', 0);
        }
    }
}


</script>
<style type="text/css">
.botThick{ 
   border-bottom-width:3px;
   border-bottom-color:black;
   border-bottom-style: solid;
   border-spacing:0px;
}
.botThin{ 
   border-bottom-width:1px;
   border-bottom-color:black;
   border-bottom-style: solid;
   border-spacing:0px;
}

.boxThin{ 
   border-width:1px;
   border-color:black;
   border-style: solid;
   border-spacing:0px;
}
.noBorder{ 
   border-width:0px;
   border-spacing:0px;
}

</style>
</head>

<body onload="javascript:{if(parent.frames[1]&&parent.frames['topFrame'].Go)parent.frames['topFrame'].Go();}IsPageLoaded();">
<BGSOUND SRC="#" ID="beep" AUTOSTART="TRUE"><!-- This is used for the beep when the user presses a NON IP Address key in Explorer -->
<input type="hidden" id="<?=ROBOHELP_ID?>" value="<?=TLS_Cert_Import?>" />

<form action="<?= $PHP_SELF ?>" enctype="multipart/form-data" method="post" name="CertInForm" target="returnStatus">
<!-- <form enctype="multipart/form-data" method="post" action="/sslCertImport.htm?method=Posted" name="CertInForm" target="returnStatus"> -->


  <table width=95% align=center>
     <tr>
        <td id="testTD" class="headingTitle">Tools - SSL Communication Certificate Import</td>
     </tr>
  </table>
  <br>

  <br><br>
  <table width="100%" align="center" border=0>
     <tr>
        <td width="100%" nowrap>
           <table id="dataTableOuter" width="95%" align="center" border="0">
              <tr>
                 <td align="left" valign="baseline" width="10%">SSL Certificate File:</td>
                 <td align="left" valign="baseline" >
                    <input name=MAX_FILE_SIZE type=hidden value=20480>
                    <input name="certFile" type="file" maxlength="100" size="41">
                 </td>
              </tr>
           </table> 
  <br>

   </td></tr><tr><td align="center" width="100%" nowrap>
  <table width=95% align=center>
     <tr>
        <td id="testTD" class="headingTitle">Current SSL Communication Certificate</td>
     </tr>
  </table>
      <br>


   <table width="95%" border=0>
      <tr>
         <td align=center class="botThick" ><b>Type</b></td>
         <td align=center class="botThick"><b>Validity</b></td>
         <td align=center class="botThick"><b>Status</b></td>
         <td align=center class="botThick"><b>Details</b></td>
      </tr>
<?
      print_ssl_cert_info($systemCertInfo);      
?>
</table>


         </td></tr>
      </table>
  </td></tr></table>   
   
<br>
<br>
<div id="NAVDiv" style="position:relative; width:100%;">
   <br>
   <table class="navbar" id="button" align=center><tr>
      <td>
         <br>
         <a href="javascript:loadHomePage();"
            onMouseOver="changeImage(1,'cancel');window.status='Return to home page'; return true;"
            onMouseOut="changeImage(0,'cancel');window.status=''; return true;">
         <img name=cancel title='Return to home page' src="images/buttons/cancel.gif" border=0></a>
   
         <a href="javascript:applyChanges();"
            onMouseOver="changeImage(1,'apply');window.status='Apply the Changes'; return true;"
            onMouseOut="changeImage(0,'apply');window.status=''; return true;">
         <img name=apply src="images/buttons/apply.gif" border=0></a>
      </td>
   </tr></table>
</div>

</form>

<?
include('progressWin_inc.htm');
?>
</body>
</html>